Releases: cloudposse/terraform-aws-cloudfront-s3-cdn
v0.97.0
🚀 Enhancements
feat: Add support for custom Lambda@Edge policies @jwadolowski (#333)
what
Execution role associated with Lambda@Edge comes with a hardcoded policy that enables write access to CloudWatch logs. This PR adds support for additional policies. It was implemented in a similar fashion to `additional_bucket_policy` from the parent module.
why
It's a fairly common situation that a Lambda@Edge function needs access to other AWS services/resources than CloudWatch logs. `aws_lambda_function`'s `role` argument expects a single role ARN, therefore the only reasonable option is to append new policy statements to the IAM role created in scope of this module.
references
closes #261
v0.96.2
🚀 Enhancements
Set allowed and cache methods as non nullable @travis-reed (#324)
what
Set allowed_methods and cached_methods as non nullable
Setting nullable to false ensures that the variable value will never be null within the module. If nullable is false and the variable has a default value, then Terraform uses the default when a module input argument is null.
why
I want to be able to sometimes call this module with explicit `allowed_methods` and `cached_methods` and sometimes just use the module defaults.
As it stands, I cannot do that without making my default value match your default value. It would be better for the module to use its defaults when I pass in `null`.
Right now I am hitting
Error: Missing required argument
with module.fanx.module.sdp_assets.module.static_cdn.aws_cloudfront_distribution.default[0],
on /tmp/terraform-data-dir/modules/fanx.sdp_assets.static_cdn/main.tf line 522, in resource "aws_cloudfront_distribution" "default":
522: allowed_methods = var.allowed_methods
The argument "default_cache_behavior.0.allowed_methods" is required, but no
definition was found.
Which I can work around by setting a default on my side, but it isn't ideal behavior
references
- https://developer.hashicorp.com/terraform/language/values/variables#disallowing-null-input-values
- https://stackoverflow.com/questions/72213875/transformer-how-to-call-a-module-with-variables-as-default-value
Additional Notes
I wouldn't consider this a breaking change. Today, if you pass in `null` as the argument to the module, you will get a failure as shown above. This makes passing in `null` possible without negatively impacting existing users.
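The null handling this PR describes, as an added example that is not code from the module or the PR: a child module whose variables are declared with `nullable = false`, and a caller that passes `null` to fall back to the module defaults. The `./modules/cdn` path, the `uploads_enabled` variable and the default lists are illustrative assumptions.

```hcl
# modules/cdn/variables.tf (hypothetical child module standing in for this one)
variable "allowed_methods" {
  type     = list(string)
  default  = ["GET", "HEAD", "OPTIONS"] # illustrative default
  # A null passed by the caller is replaced by the default above, so null
  # never reaches default_cache_behavior.allowed_methods.
  nullable = false
}

variable "cached_methods" {
  type     = list(string)
  default  = ["GET", "HEAD"] # illustrative default
  nullable = false
}

output "effective_allowed_methods" {
  value = var.allowed_methods
}

# main.tf (caller, in the root module)
variable "uploads_enabled" {
  type    = bool
  default = false
}

module "cdn" {
  source = "./modules/cdn"

  # Widen the method set only when explicitly required; otherwise pass null
  # and let the module default apply.
  allowed_methods = var.uploads_enabled ? ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] : null
  cached_methods  = null
}

output "allowed_methods" {
  # With uploads_enabled = false this is the child module's default list.
  value = module.cdn.effective_allowed_methods
}
```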
v0.96.1
🚀 Enhancements
memory and timeout vars for lambda@edge @mihaiplesa (#330)
what
Allow configuring memory size and timeout for the Lambda@Edge module.
why
These fields are not configurable now.
references
Resolves #331
v0.96.0
Adding origin_access_control_id to custom_origins @jjchiw (#326)
Adding Origin Access Control Id to Custom Origins
what
Custom Origins didn't have Origin Access Control
Implements this infrastructure
why
Custom Origins didn't have Origin Access Control
if we wanted to invoke a lambda
we were not able to do it
references
Summary by CodeRabbit
- New Features
  - Enhanced configuration options for custom origins in CloudFront with the addition of `origin_access_control_id`.
  - Updated variable definitions for `custom_origins` and `s3_origins` to include access control ID.
- Bug Fixes
  - Deprecated certain variables to streamline configuration and encourage best practices.
- Documentation
  - Updated documentation to reflect changes in variable structures and configurations.
v0.95.1
Add support for origin-access-control @rankin-tr (#319)
what
- add Origin Access Control feature
  - add `var.origin_access_type` to enable Origin Access Identity or Origin Access Control policy
  - add `aws_cloudfront_origin_access_control.default` resource
  - add `origin_access_control_id` argument to origin config on `aws_cloudfront_distribution.default`
- update example code
- update README
why
- provide the ability to make use of an Origin Access Control
- retain default origin access identity behavior
- AWS recommends using origin access control
- Origin Access Identities are flagged in AWS Security Hub
references
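What an Origin Access Control setup looks like at the resource level, as an added example that is not the module's own code: the OAC resource plus a bucket policy that admits only the CloudFront service principal acting for one distribution. `aws_s3_bucket.origin` is an assumed bucket resource and `aws_cloudfront_distribution.default` is assumed to be defined elsewhere in the same configuration; the OAC name is illustrative.

```hcl
resource "aws_cloudfront_origin_access_control" "default" {
  name                              = "example-s3-oac" # illustrative name
  description                       = "Sign CloudFront requests to the S3 origin"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

# The distribution's origin block then references the OAC:
#   origin_access_control_id = aws_cloudfront_origin_access_control.default.id

data "aws_iam_policy_document" "origin" {
  statement {
    sid       = "AllowCloudFrontServicePrincipalReadOnly"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.origin.arn}/*"]

    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }

    # Scope the service principal to this one distribution. Without the
    # condition, the grant is not tied to any particular distribution.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [aws_cloudfront_distribution.default.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "origin" {
  bucket = aws_s3_bucket.origin.id
  policy = data.aws_iam_policy_document.origin.json
}
```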
🤖 Automatic Updates
Migrate new test account @osterman (#322)
what
- Update `.github/settings.yml`
- Update `.github/chatops.yml` files
why
- Re-apply `.github/settings.yml` from org level to get `terratest` environment
- Migrate to new `test` account
References
- DEV-388 Automate clean up of test account in new organization
- DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
- DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @osterman (#321)
what
- Update `.github/settings.yml`
- Drop `.github/auto-release.yml` files
why
- Re-apply `.github/settings.yml` from org level
- Use organization level auto-release settings
references
- DEV-1242 Add protected tags with Repository Rulesets on GitHub
v0.95.0
What's Changed
- Update README.md by @keithrozario in #308
- fix: private policies cannot use wildcard principal by @dudymas in #311
New Contributors
- @keithrozario made their first contribution in #308
- @dudymas made their first contribution in #311
Full Changelog: 0.94.0...0.95.0
v0.94.0
v0.93.1
BucketOwnerEnforced s3 buckets can't have an acl @mfuhrmeisterDM (#301)
what
disable creating acl resource in that case.
why
BucketOwnerEnforced s3 bucket can't have an acl.
references
🤖 Automatic Updates
Add GitHub Settings @osterman (#302)
what
- Install a repository config (`.github/settings.yaml`)
why
- Programmatically manage GitHub repo settings
Update README.md and docs @cloudpossebot (#297)
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
v0.93.0
Fixed deprecated aws_s3_bucket attributes @andruccho (#293)
The following options were deprecated, and have either been updated, or replaced with the new necessary resources:
- `server_side_encryption_configuration` replaced with `aws_s3_bucket_server_side_encryption_configuration` resource
- `versioning` replaced with `aws_s3_bucket_versioning` resource
- `cors_rule` replaced with `aws_s3_bucket_cors_configuration` resource
- `acl` replaced with `aws_s3_bucket_acl` resource
- `bucket_versioning` input added
Pull request is almost the same with #266, exclude `override_json` replaced with `override_policy_documents` option, because for me it breaks `logs` submodule behavior.
I'm getting no deprecation warnings without this change (my `aws` provider version is `5.30.0`).
v0.92.1
🚀 Enhancements
Readme/example fix @samcrudge (#229)
what
- Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?)
- Example of 'Origin Group with the origin created by this module as a primary origin and an additional S3 bucket as a failover origin' showed the s3_origins & origin_group as a map(any) rather than a list(map) causing builds to fail when using said example.
why
- Provide the justifications for the changes (e.g. business case).
- Describe why these changes were made (e.g. why do these commits fix the problem?)
- Examples that reflect the required schema.
references
- Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
- README.md & README.yaml
🤖 Automatic Updates
chore(deps): update terraform cloudposse/iam-role/aws to v0.19.0 (main) @renovate (#271)
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/iam-role/aws (source) | module | minor | 0.16.0 -> 0.19.0 |
Release Notes
cloudposse/terraform-aws-iam-role (cloudposse/iam-role/aws)
v0.19.0
IAM Role name length limit @goruha (#58)
what
- Fix IAM role name length limit
why
- Fix IAM role name length limited to 64
Sync github @max-lobur (#54)
Rebuild github dir from the template
v0.18.0
- No changes
v0.17.0
Update main.tf @karinatitov (#50)
have a chance to configure the name of the policy
what
- With this change I want to have an ability to provide a custom name for the policy
why
- the resources I'm working with were not created in the same way this module assumes
- to have a chance to configure the name of the policy
git.io->cloudposse.tools update @dylanbannon (#46)
what and why
Change all references to `git.io/build-harness` into `cloudposse.tools/build-harness`, since `git.io` redirects will stop working on April 29th, 2022.
References
- DEV-143
v0.16.2
🚀 Enhancements
Add enabled check to data source @nitrocode (#45)
what
- Add enabled check to data source
- Add TestExamplesCompleteDisabled check
why
- Prevent creation if enabled is false
references
v0.16.1
🚀 Enhancements
Disabling all tags in all iam resources @jamengual (#44)
what
- In https://github.com/cloudposse/terraform-aws-iam-role/pull/43 I added the option to disable role tags, but in environments where roles are created under very strict controls, the policy tags for the roles sometimes can't be tagged. This change disables tags for all IAM related resources.
why
- to disable tags for role-related things. Use one variable instead of two.